1. Field of the Invention
The present invention relates to an information processor and, more particularly, to an information processor having an information dispersing function for preventing information leakage when a personal computer is forgotten or stolen, by dividing one piece of data into a plurality of pieces of disperse information and holding the disperse information by using the secret sharing scheme.
2. Description of the Related Art
In some cases, an important file of a secret document or the like is subjected to a special process such as ciphering and the processed file is stored, or divided into some files and stored in devices or memories which are physically different from each other so that even if the file is stolen, the data in the file cannot be reconstructed.
For example, a technique of dividing one file into a plurality of pieces of disperse information and storing the plurality of pieces of information by using the secret sharing scheme has been proposed (see Japanese Patent Laid-Open No. 2005-229178).
By collecting and combining some of the plurality of pieces of disperse information, the original file divided into the plurality of pieces of disperse information by the secret sharing scheme can be reconstructed. Redundancy can be provided so that an original file can be reconstructed by using the number of pieces of disperse information smaller than the division number. Even in the case where one piece of the disperse information is stolen, the original file can be reconstructed from the other disperse information.
For example, in the case of carrying secret data to an outside place, by storing disperse information of the secret data, by which the secret data can be reconstructed, into some devices (such as a personal computer, a USB memory, an FD, and the like) and carrying only necessary devices, the risk that all of the devices are stolen can be reduced. Since the secret data cannot be reconstructed unless all of the devices are used, it can be guaranteed that leakage of information does not occur.
FIG. 42 is a schematic view of conventional information dispersion and reconstruction.
It is assumed that original data D00 is generated and stored by a personal computer and, at the time of storage, the original data D00 is dispersed to three pieces of information with a threshold value 2 by using the secret sharing scheme.
The threshold value denotes here the number of pieces of disperse information from which the original data can be reconstructed. The “threshold value 2” denotes that the original data can be reconstructed from any two pieces of disperse information out of the three pieces of disperse information.
For example, the original data D00 is divided into three pieces of disperse information (1, 2, 3) which are stored into a hard disk in a personal computer (PC), a USB memory, and a server.
After that, the user carries only the personal computer (PC) and the USB memory, that is, only two pieces of disperse information (1, 2).
The user reads the two pieces of disperse information (1, 2) to edit the original data D00 in an outside place. Although the three pieces of disperse information are not available, the original data D00 is reconstructed from the two pieces of disperse information (1, 2) and becomes an editable state.
After the reconstructed original data D00 is edited, post-edit data D01 which is partly different from the original data D00 is obtained. When the post-edit data D01 is stored in an outside place, by using a similar secret sharing scheme, the data D01 is divided into three pieces of disperse information (A, B, and C).
In the case of editing the original data D00 in an outside place, when the secret sharing scheme is performed again after the editing, disperse information C for the device which is not carried out is also generated. However, the device (server) which is not carried out is not available on an outside place, so that the disperse information C cannot be stored. When the post-edit disperse information C is stored in the hard disk of the personal computer, two pieces of the post-edit disperse information A and C exist in the hard disk, so that the post-edit data D01 can be reconstructed only in the personal computer. It is unpreferable from the viewpoint of security. Therefore, the disperse information C is deleted. When the disperse information C is deleted, redundancy as the feature of the secret sharing scheme is lost.
As the countermeasure against the problem, it is considered to update the disperse information via a network in the device which is not carried out. However, it is not always possible to connect the device via a network in an outside place. Consequently, also in the case where editing is made off-line in the outside place, the disperse information C is deleted, so that the redundancy may be lost.
In such a state where there is no redundancy, even one of the devices (for example, the USB memory) is stolen, the post-edit data D01 cannot be reconstructed. Even if the secret data D00 before it is taken out is pre-stored on a device in a safe place, the post-edit data D01 is lost.